Login Sign Up

CVE-2020-37165

6.2 MEDIUM
Denial of Service Buffer Overflow

📋 TL;DR

CVE-2020-37165 is a buffer overflow vulnerability in AbsoluteTelnet that allows local attackers to crash the application by supplying an oversized license name. This affects users of AbsoluteTelnet 11.12 who have local access to the system. The vulnerability causes denial of service but does not allow code execution.

💻 Affected Systems

Products:
  • AbsoluteTelnet
Versions: 11.12
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Windows version of AbsoluteTelnet. Requires local access to the application's license management interface.

📦 What is this software?

Absolutetelnet by Celestialsoftware

View all CVEs affecting Absolutetelnet →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attackers can cause persistent application crashes, disrupting legitimate users' terminal sessions and potentially causing data loss in unsaved sessions.

🟠

Likely Case

Malicious local users or malware with user-level access can crash the AbsoluteTelnet application, causing temporary disruption to terminal operations.

🟢

If Mitigated

With proper access controls limiting local user privileges and monitoring for abnormal license name inputs, impact is minimal.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring access to the application interface.
🏢 Internal Only: MEDIUM - Internal users with local access can exploit this to disrupt terminal services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access to paste payload into license name field. Proof of concept available in exploit databases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.13 or later

Vendor Advisory: https://www.celestialsoftware.net/

Restart Required: Yes

Instructions:

1. Download latest version from vendor website. 2. Install over existing installation. 3. Restart system or application.

🔧 Temporary Workarounds

Restrict License Management Access

windows

Limit access to AbsoluteTelnet's license management interface to trusted administrators only.

Input Validation via Group Policy

windows

Implement application control policies to monitor for abnormal license name inputs.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls to limit who can access AbsoluteTelnet license settings.
  • Monitor application logs for crash events and investigate any abnormal license name entries.

🔍 How to Verify

Check if Vulnerable:

Check AbsoluteTelnet version in Help > About. If version is 11.12, system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify version is 11.13 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from AbsoluteTelnet
  • Windows Event Logs showing application failures

Network Indicators:

  • No network indicators - local exploit only

SIEM Query:

EventID=1000 OR EventID=1001 Source='AbsoluteTelnet' OR ProcessName='AbsoluteTelnet.exe'

📊 Metadata

CVE ID: CVE-2020-37165
CVSS v3 Score: 6.2 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-120
Published: February 7, 2026
Last Updated: February 19, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-37165, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)